Desktop automation has been around for years. Ghost was written in 1996 to enable IT support people to clone a computer. ZENWorks was introduced by Netware in 1998 to help manage server and desktop configurations across the network. So it’s very far from a new idea. What’s interesting about it however is that it never stops evolving.
Article published in Legal Week in December 2007.
The basic aims of automation are simple: to reduce your IT costs; deliver services more quickly; and be more reliable and secure. In itself automation does not do anything that you could not do manually. It’s just that you would have more staff than you need, and the chances of everything being done consistently, correctly, and quickly would be low. If you are not heavily automated, you are almost certainly inefficient and not delivering a top class IT service. In a rising market this may not be your top priority, but you should be aware of what you are missing, and if you need to reduce costs or improve performance this is the way to do it.
Here are a few examples of things you should be able to do if you are fully automated:
- Rebuild a training room of PC’s with a different configuration in perhaps 15 minutes.
- Have a PA (not the IT helpdesk) set up a new starter with all the correct settings and equipment (phone, Blackberry, laptop, accounts for different systems) in about 10 minutes. Just as important, have them disable a temp or contractor’s account and retrieve equipment immediately when they leave.
- Run a fully up to date operating system and software everywhere, all the time; run incompatible software on the same machines; have the minimum number of licenses that are actually being used; and not be constrained by the difficulty of doing it.
- Provide complete support to a person with a laptop in a hotel or airport overseas, the same as if they were in the office.
- Have next to no faults; no manual activities that require an IT person to visit the desk; no repeat requests to sort out the same problem; no onsite IT support staff.
- Receive alerts for any errors and out-of compliance events.
These may not sound very interesting compared to, say, a client extranet but they are all part of operating efficiently. In fact I’d say they are a good test of whether you are. The tools to do this are readily available.
You can achieve much of what you need with the tools supplied as standard with Windows Server. Group Policy enables you to control the configuration of PC’s and servers down to the last degree. You can also use Group Policy to deploy software as long as it is available in an msi format. Windows Deployment Services will deploy the operating system and enable you, for example, to upgrade more easily to Vista. Distributed File System will replicate a library of software applications and system images across all your sites so they are available for rapid local installation.
If you are short of cash, there are Open Source tools like OCS for inventory and software distribution, and OTRS for helpdesk. The problem with this is that by the time you have implemented these, the true cost is likely to be as much as or more than the commercial tools.
To go further than the tools supplied with Windows or Open Source you need an integrated toolset, like Altiris or LANDesk. For example, Altiris Deployment Solution uses multicast to deploy an OS to multiple computers in a training room at the same time without saturating the network. The pre-boot operating system enables you to control what happens on the machine remotely even before it has loaded Windows. This means you can rebuild, or upgrade to Vista for example, without ever visiting the desk. Integrated tools will give the helpdesk a complete inventory and history of the PC when they are trying to solve a problem. A packager like Wise Package Studio will enable you to build an msi for your custom code so it can be installed automatically with the software distribution tool. Other tools from people like Quest and MTech enable a department PA to provision multiple services to users automatically without contacting the helpdesk, and with less risk of mistakes or delays.
One of the largest law firms is introducing a world wide desktop automation system. They are going to be able to roll out a large number of in-house customisations of Microsoft Office to integrate with their Document Management system. This would just not be realistic without heavy automation. On the other hand, I visited a smaller firm where the IT director did not think he would be able to persuade the partners to buy the tools, even though the department was overstaffed and costing the practice more than if they used the tools. Some people seem more comfortable with staff costs than paying for automation tools.
Several firms I have spoken to recently are introducing thin client systems with no desktop software at all. This simplifies desktop administration, but you then have a significant potential problem with application compatibility on the servers. Software virtualisation is a new technique to deal with this. The software runs in an isolated layer separated by a filter from the operating system, so you can run incompatible software in separate layers. This allows you to run, for example, different versions of the Oracle client and to determine which version runs when you open an application, without doing extensive compatibility testing. Even the user settings and registry keys are isolated. A problem package can be rolled back leaving the system exactly as it was – not the case with a standard software installation. As a result you need fewer servers and can load balance more flexibly across your Citrix infrastructure.
Automation has a significant impact on staffing in IT. You need far fewer people, but with a higher skill level. Basically you no longer need the jack of all trades, but you do need specialists. The work on the ground can be done by facilities staff instead of IT people. The technical work however needs highly skilled people.
There are a number of gotchas, where things can go badly wrong. The wrong instruction sent out by mistake to the wrong computers can obviously cause far more destruction in one go than an incompetent desktop support person working on one machine. For example a custom software package will usually change the machine registry. If it makes the wrong change you can’t just reverse it. There is no record of what was there before. You should never ever let an inexperienced person distribute a software package, or a Group Policy.
This presents a staffing dilemma. A software packaging or group policy expert is wasted working in one place for a long time. A package is a package, deployed to one machine in one company, or ten thousand machines in ten companies. On the other hand, outsourcing without automating just swaps your management for theirs. It is unlikely to change the skills levels or the outcomes much. We feel that the way of the future is to buy in automated desktop and server management as a service. For example, we have a software library appliance that contains OS images and standard applications with automated installations. Add your licenses and you are done.